starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00

[GH-ISSUE #326] `mkcert -install` fails to install for Firefox on macOS #211

New issue

Open

opened 2026-02-25 22:32:52 +03:00 by kerem · 7 comments

kerem commented

2026-02-25 22:32:52 +03:00

Owner

Originally created by @Reconcyl on GitHub (Dec 31, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/326

I am attempting to test rustls usage in actix-web with this example. It recommended I use mkcert to set up a local CA.

It looks like mkcert was able to install it at the system level, but it gets errors when trying to install it for Firefox:

$ mkcert -install
The local CA is now installed in the system trust store! ⚡️
Installing in Firefox failed. Please report the issue with details about your environment at https://github.com/FiloSottile/mkcert/issues/new 👎
Note that if you never started Firefox, you need to do that at least once.

I have started Firefox before. The error occurs regardless of whether Firefox is started. The server can be started and accessed with curl -k, however Firefox returns SEC_ERROR_UNKNOWN_ISSUER and Chrome returns NET::ERR_CERT_AUTHORITY_INVALID.

System information:

macOS 10.13.6
Firefox 84.0.1 (64-bit)
mkcert 1.4.3 (installed with brew install --build-from-source)

Originally created by @Reconcyl on GitHub (Dec 31, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/326 I am attempting to test rustls usage in actix-web with [this example](https://github.com/actix/examples/tree/master/rustls/). It recommended I use mkcert to set up a local CA. It looks like mkcert was able to install it at the system level, but it gets errors when trying to install it for Firefox: $ mkcert -install The local CA is now installed in the system trust store! ⚡️ Installing in Firefox failed. Please report the issue with details about your environment at https://github.com/FiloSottile/mkcert/issues/new 👎 Note that if you never started Firefox, you need to do that at least once. I have started Firefox before. The error occurs regardless of whether Firefox is started. The server can be started and accessed with `curl -k`, however Firefox returns `SEC_ERROR_UNKNOWN_ISSUER` and Chrome returns `NET::ERR_CERT_AUTHORITY_INVALID`. System information: - macOS 10.13.6 - Firefox 84.0.1 (64-bit) - mkcert 1.4.3 (installed with `brew install --build-from-source`)

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@elhananjair commented on GitHub (Jan 10, 2021):

Hey I just manually imported the .pem file to Firefox Browser and it worked.

@elhananjair commented on GitHub (Jan 10, 2021): Hey I just manually imported the .pem file to Firefox Browser and it worked.

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@jimscard commented on GitHub (May 13, 2021):

I get an error when it tries to run certutil -- most likely because of the space in the profile path. Since it does an exec.Command of certutil with a constructed command line, the space in the profile path would need to be escaped or something.

└─$ mkcert -install
Sudo password:
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A -d sql:/Users/jscardelis/Library/Application Support/Firefox/Profiles/2paahz91.default": exit status 255

certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

@jimscard commented on GitHub (May 13, 2021): I get an error when it tries to run certutil -- most likely because of the space in the profile path. Since it does an exec.Command of certutil with a constructed command line, the space in the profile path would need to be escaped or something. └─$ mkcert -install Sudo password: The local CA is now installed in the system trust store! ⚡️ ERROR: failed to execute "certutil -A -d sql:/Users/jscardelis/Library/Application Support/Firefox/Profiles/2paahz91.default": exit status 255 certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@nailuj29 commented on GitHub (May 26, 2021):

I am also having this problem on Pop! OS 20.10

@nailuj29 commented on GitHub (May 26, 2021): I am also having this problem on Pop! OS 20.10

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@aktiver commented on GitHub (Dec 9, 2021):

Same issue here

@aktiver commented on GitHub (Dec 9, 2021): Same issue here

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@aktiver commented on GitHub (Dec 9, 2021):

Hey I just manually imported the .pem file to Firefox Browser and it worked.

How do you do that?

@aktiver commented on GitHub (Dec 9, 2021): > Hey I just manually imported the .pem file to Firefox Browser and it worked. How do you do that?

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@elhananjair commented on GitHub (Dec 10, 2021):

Hey I just manually imported the .pem file to Firefox Browser and it worked.

How do you do that?

Settings -> Privacy & Security -> View Certificates (Under Certificates section) -> click on Authorities tab -> Click on Import and select .pem file
that's it (restart Firefox)

@elhananjair commented on GitHub (Dec 10, 2021): > > Hey I just manually imported the .pem file to Firefox Browser and it worked. > > How do you do that? Settings -> Privacy & Security -> View Certificates (Under Certificates section) -> click on Authorities tab -> Click on Import and select .pem file that's it (restart Firefox)

kerem commented

2026-02-25 22:32:52 +03:00

Author

Owner

@francwalter commented on GitHub (Feb 22, 2026):

My Root pem was in:

"/Users/f/Library/Application Support/mkcert/rootCA.pem"

With cmd+shift+G I could reach it from the Mac File Picker.

@francwalter commented on GitHub (Feb 22, 2026): My Root pem was in: "/Users/f/Library/Application Support/mkcert/rootCA.pem" With cmd+shift+G I could reach it from the Mac File Picker.